DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
[!NOTE] This advisory was originally emailed to community@solidjs.com by @nsysean. To sum it up, the use of javascript's .replace() opens up to potential XSS vulnerabilities with the special replacement patterns beginning with $. Particularly, when the attributes of Meta tag from solid-meta are user-defined, attackers can utilise the special replacement patterns, either $' or `$`` to achieve XSS. The solid-meta package has this issue since it uses useAffect and context …